Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
dblazevic
Staff
Staff

Created on ‎02-20-2017 03:19 AM Edited on ‎03-30-2025 11:19 PM By Community Manager

Article Id 191979

Technical Tip: BGP advertising a default route with 'set capability-default-originate'

Description

 

This article describes that adefault route is advertised to a BGP speaker when no default route is found in the routing table.
 
Scope
 
FortiGate.


Solution

 

Advertising a default route in BGP.

Adding the command set capability-default-originate enable will advertise a default route to the BGP peer without a default route present in the RIB.  The default route will be created to be announced to the BGP neighbor only.
 
config router bgp
   set as 65002
    set router-id 1.1.1.2
    config neighbor
        edit "1.1.1.1"
            set capability-default-originate enable
            set remote-as 65001
         set send-community6 disable
        next
    end
   config redistribute "connected"
    end
    config redistribute "rip"
    end
    config redistribute "ospf"
 end
    config redistribute "static"
    end
    config redistribute "isis"
    end
    config redistribute6 "connected"
    end
   config redistribute6 "rip"
    end 
    config redistribute6 "ospf"
    end
    config redistribute6 "static"
    end
    config redistribute6 "isis"
    end

No default route is visible in the routing table.  However, the route is advertised.
 
Fortigate# get router info routing-table all
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
       O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default
C       1.1.1.0/30 is directly connected, wan2
C       192.168.1.0/24 is directly connected, internal
Fortigate# get router info bgp neighbors 1.1.1.1
BGP neighbor is 1.1.1.1, remote AS 65001, local AS 65002, external link
  BGP version 4, remote router ID 192.168.1.254
  BGP state = Established, up for 00:45:11
  Last read 00:00:56, hold time is 180, keepalive interval is 60 seconds
  The configured hold time is 180, keepalive interval is 60 seconds
  Neighbor capabilities:
    Route refresh: advertised and received (old and new)
    Address family IPv4 Unicast: advertised and received
    Address family IPv6 Unicast: advertised
  Received 83 messages, 0 notifications, 0 in queue
  Sent 91 messages, 2 notifications, 0 in queue
  Route refresh request: received 1, sent 0
  Minimum time between advertisement runs is 30 seconds
 
For address family: IPv4 Unicast:
 
BGP table version 6, neighbor version 6
  Index 1, Offset 0, Mask 0x2
  AF-dependant capabilities:
    Graceful restart: advertised
  Community attribute sent to this neighbor (both)
  Default information originate, default sent
  0 accepted prefixes
  1 announced prefixes
 
For address family: IPv6 Unicast.
 
BGP table version 1, neighbor version 1
Index 1, Offset 0, Mask 0x2
0 accepted prefixes
0 announced prefixes
Connections established 6; dropped 5
Local host: 1.1.1.2, Local port: 179
Foreign host: 1.1.1.1, Foreign port: 61735
Nexthop: 1.1.1.2
Nexthop global: ::
Nexthop local: ::
BGP connection: non shared network
Last Reset: 00:46:54, due to BGP Notification sent
Notification Error Message: (CeaseUnspecified Error Subcode)
Fortigate # get router info bgp neighbors 1.1.1.1 advertised-routes
BGP table version is 6, local router ID is 1.1.1.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop            Metric LocPrf Weight Path
*> 0.0.0.0/0        1.1.1.2                       100  32768 I
Total number of prefixes 1

BGP Peer (in this case Cisco):
 
Router#sho ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
    N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is 1.1.1.2 to network 0.0.0.0
 
# 1.0.0.0/30 is subnetted, 1 subnets
C       1.1.1.0 is directly connected, Vlan1
B*   0.0.0.0/0 [20/0] via 1.1.1.2, 00:48:50

Router#sho ip bgp
BGP table version is 2, local router ID is 192.168.1.254
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 0.0.0.0          1.1.1.2                                0 65002 i    1.1.1.2 from 1.1.1.2 (1.1.1.2)
      Origin IGP, localpref 100, valid, external, best
 
Related article

 

54023
Suggest New Article
Article Feedback
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.